The Indian Cyber Crime Coordination Centre (I4C) Annual Report 2024-25 records over 22.5 lakh complaints on cybercrime.gov.in in FY 2024-25 alone — about 6,200 a day. Financial frauds account for ~78%. Among financial frauds reported within the first hour through 1930, the average recovery rate is around 12-15% of the lost amount; reported after 24 hours, it drops to under 3%. Speed is everything.

A cybercrime complaint is a complaint about a crime committed using the internet, mobile phones, or any digital device — financial fraud, sexual harassment online, child sexual abuse material, identity theft, hacking, defamation, blackmail, deepfake morphing, ransomware. The legal anchors are:

• Information Technology Act, 2000 — §43 (data damage), §66 (fraud / hacking), §66C (identity theft), §66D (cheating by personation using computer resource), §66E (privacy violation), §67 (obscene content), §72 (breach of confidentiality).
• Bharatiya Nyaya Sanhita (BNS), 2023 — §318 (cheating), §319 (forgery), §351 (criminal intimidation), §356 (defamation), §75 (sexual harassment), §77 (voyeurism). (Replaces the IPC since 1 July 2024.)
• Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023 — §173 (registration of FIR), §175 (Magistrate's order to register FIR if police refuse), §176 (investigation). (Replaces CrPC.)
• Digital Personal Data Protection Act, 2023 (DPDP) — for personal data breaches by Data Fiduciaries; Data Protection Board complaints.
• RBI Master Direction on Limited Liability of Customers in Unauthorised Electronic Banking Transactions, 2017 — defines your liability cap if reported in time (zero liability if reported within 3 working days for low-value SB accounts).

The forums to use, in order of speed:

• 1930 — National Cyber Crime Helpline. Toll-free, 24×7. Single most important number for financial fraud, because it triggers the bank-side freeze in real time.
• cybercrime.gov.in — National Cyber Crime Reporting Portal (NCRP). For all categories: financial, women/child, other.
• State Cyber Crime Police Station — physical/online registration of FIR; investigation and chargesheeting. Mumbai Police Cyber, Delhi Cyber Cell, Bengaluru CCB Cyber, Hyderabad Cyber Crimes PS, Chennai Cyber Crime Cell, Kolkata Cyber, Lucknow Cyber, Pune Cyber, etc.
• Your bank's fraud desk — for financial cybercrimes; mandatory under RBI 2017 Circular.
• CERT-In (cert-in.org.in) — for major incidents (data breach, ransomware on a business).
• Data Protection Board of India — for DPDP Act 2023 personal data breaches.

If money has left your account or card:

• Call 1930. Keep the call active; the operator will take your transaction IDs and reference numbers, and conference your bank in.
• Call your bank's fraud number in parallel — block your card / Net Banking / UPI handle. (SBI 1800-11-2211; HDFC 1800-258-6161; ICICI 1800-1080; Axis 1800-103-5577; Yes Bank 1800-1200; Bank of Baroda 1800-5700; PNB 1800-180-2222.)
• If UPI: open the app → “Help” → “Report a fraud” → cite UTR.
• Do not click any further links sent by the same caller; do not install AnyDesk / TeamViewer / QuickSupport on your phone; disconnect the call.

• Take screenshots of: SMS, WhatsApp messages, the fraudster's call log entry, transaction confirmations, the bank's debit alert, the website / app the fraudster used.
• Do not delete anything from your phone or email.
• If the fraud was via a phishing link, save the link as a screenshot (don't visit again).
• For deepfake / morphed images: save the original file with EXIF intact.
• For online harassment / stalking: screenshot the profile, the messages, and the URL.

• Visit cybercrime.gov.in.
• Pick the right category:
  • Report Other Cyber Crime — hacking, deepfake, identity theft, harassment (non-women/child), online fraud (non-financial).
  • Report Women / Child Related Crime — separate, anonymous-friendly track for cyberstalking, sextortion, CSAM, morphed images.
  • Report Financial Fraud — UPI, internet banking, card, wallet fraud (this is also where 1930 calls feed into).
• Login with mobile number + OTP (Aadhaar optional but speeds things up).
• Fill the complaint form:
  • Incident date, time, place.
  • Suspect details: phone numbers, UPI handle (e.g., name@oksbi), email, website URL, social media handle, IFSC + account number if known.
  • Modus operandi — narrate in plain language (e.g., “fraudster posed as SBI agent, asked for OTP citing KYC update”).
  • Upload all evidence files (PDF / JPG / PNG, ≤ 5 MB each, up to 10 files).
• Submit → Acknowledgement Number generated (format: e.g., 38000260000123).
• Track on “Track Your Complaint” with the acknowledgement number + mobile.

For serious cybercrimes, the cybercrime.gov.in complaint is forwarded to the jurisdictional Cyber Crime Police Station. They may convert it to an FIR under §173 BNSS 2023 if there's a cognizable offence — which most cybercrimes are.

If the police refuse to register an FIR:

• Approach the SP / DCP / Commissioner with a written representation under §173(4) BNSS (the equivalent of old §154(3) CrPC).
• If still refused, approach the Judicial Magistrate under §175 BNSS 2023 with a private complaint — Magistrate can direct registration of FIR.
• In parallel, file RTI to the SHO of the Cyber Crime PS asking why FIR was not registered. See RTI for FIR not registered — copy-ready template.

For financial fraud, send a written complaint to your bank within 3 working days of the unauthorised transaction. This triggers the RBI 2017 Limited Liability protection:

• Reported in 3 working days → Zero customer liability (if not customer's fault).
• Reported in 4-7 working days → Limited liability (₹5,000 to ₹25,000 depending on account type).
• Reported in >7 working days → As per bank's board-approved policy (often 100% loss to customer).

• Cybercrime.gov.in shows status: “Submitted → Forwarded → Under Investigation → Closed”.
• If “Closed” without resolution, request reopening via the portal (limited 30-day window).
• Visit the cyber PS in person if needed; carry your acknowledgement number printout, ID proof, and original evidence.

If you had cyber-insurance (HDFC ERGO / Bajaj Allianz cyber-fraud cover, or built-in cover on premium credit cards), file a claim within 30 days with the FIR copy + cybercrime.gov.in acknowledgement + bank statement.

For business losses from cybercrime, the loss may be tax-deductible under §37(1) of the Income Tax Act if treated as a business loss; consult a CA.

• Child sexual abuse material (CSAM) — report to NCMEC CyberTipline (cybertipline.org) and POCSO e-Box at ncpcr.gov.in/POCSO.
• Sextortion / morphed images of women — additionally on shebox.nic.in and to your local Women's Helpline 181.
• Bulk SMS / fake-call spam — DOT's Sanchar Saathi at sancharsaathi.gov.in (also for blocking lost mobiles via CEIR).
• Data breach by a Data Fiduciary (e.g., your data leaked by an app/company) — file with the Data Protection Board of India under DPDP Act 2023.

+-------------------------------------------------------------------------+
| INDIAN CYBERCRIME — KEY ACCESS POINTS (2026)                             |
+-------------------------------------------------------------------------+
| 1930        | National Cyber Crime Helpline — 24x7. Financial frauds.   |
|             | CALL WITHIN 1 HOUR for best fund-freezing chance.         |
+-------------+-----------------------------------------------------------+
| 1098        | CHILDLINE — for child-related cyber abuse.                |
+-------------+-----------------------------------------------------------+
| 181         | Women's Helpline — for online harassment / stalking.      |
+-------------+-----------------------------------------------------------+
| 1915        | National Consumer Helpline — for e-commerce fraud         |
|             | (non-criminal disputes — refund / wrong delivery).        |
+-------------+-----------------------------------------------------------+
| cybercrime.gov.in | National Cyber Crime Reporting Portal             |
+-------------+-----------------------------------------------------------+
| cert-in.org.in    | Major incidents — for businesses / sysadmins.     |
+-------------+-----------------------------------------------------------+
| sancharsaathi.gov.in | Spam SMS / fake calls / lost mobile blocking.  |
+-------------+-----------------------------------------------------------+
| shebox.nic.in     | Online sexual harassment / workplace cyber abuse. |
+-------------+-----------------------------------------------------------+
| pgportal.gov.in   | CPGRAMS — for portal / police service grievance.  |
+-------------+-----------------------------------------------------------+

KEY SECTIONS APPLIED IN MOST CYBERCRIME FIRs:
  IT Act 2000:
    §43         Data damage / unauthorised access (civil + criminal)
    §66         Hacking / fraud (3 yrs / Rs.5L)
    §66C        Identity theft — punishable up to 3 yrs + Rs.1 lakh
    §66D        Cheating by personation using computer (3 yrs + Rs.1L)
    §66E        Privacy violation — 3 yrs + Rs.2L
    §67         Obscene content transmission (3 yrs + Rs.5L 1st; 5+10L 2nd)
    §72         Breach of confidentiality
  BNS 2023:
    §318        Cheating (up to 7 years)
    §319        Cheating by personation
    §336        Forgery
    §351        Criminal intimidation
    §75-§77     Sexual harassment / stalking / voyeurism
  BNSS 2023:
    §173        FIR for cognizable offence (registration)
    §175        Magistrate's power to direct FIR
    §176        Investigation procedure

REQUIRED EVIDENCE TO UPLOAD ON cybercrime.gov.in:
   * Bank SMS + statement showing unauthorised debit
   * Transaction reference (UTR / RRN / IMPS ref no.)
   * Suspect's phone / UPI handle / email / URL screenshots
   * Call recording (if any)
   * Chat / WhatsApp / SMS screenshots (full thread, with timestamps)
   * Government ID — Aadhaar / PAN / Passport / Driving License
   * Filled cybercrime.gov.in complaint form (auto-PDF)

RTI to PIO Cyber Crime PS:        Rs.10 by IPO. BPL = free.
RTI to PIO MeitY / I4C:           Rs.10 by IPO. meity.gov.in.

• Delayed reporting — by the time the complaint reaches the cyber PS, the money has already been laundered through 4-5 mule accounts and withdrawn at a far-off ATM. Speed is the single biggest factor.
• Insufficient evidence — failed to screenshot, deleted the SMS, didn't note transaction IDs. Reconstruct what you can from your bank statement and email/SMS history.
• Suspect untraceable — fraudsters use mule accounts in Jamtara (Jharkhand), Mewat (Haryana), Bharatpur (Rajasthan), Phulwari (Bihar) clusters; SIM cards on fake KYC; VPNs and foreign IPs. Investigation often hits a dead end.
• Funds already withdrawn / dispersed beyond the freezing window — there's no money left in the receiving account when the bank gets the freeze request.
• Cyber Crime PS is over-burdened — small staffing vs. exploding case volume. Follow up persistently; escalate to SP / DCP if no progress in 30 days.
• Police refuse to register FIR despite a cognizable cybercrime — common practice. Use §175 BNSS 2023 Magistrate route + RTI for written reason.
• Cross-border element — fraudster operates from Cambodia / Dubai / Nepal call centres. Mutual Legal Assistance Treaty (MLAT) requests are slow.
• No KYC linkage — the receiving bank account was opened on fake KYC; even if identified, the operator was a paid mule.
• Low-value loss — cyber PS may “advise” you to forget it. Don't — even small complaints add to the I4C database that helps build cases against fraud rings.

Visit in person; carry acknowledgement + ID + evidence. Ask for the Investigating Officer (IO) assigned and his/her direct contact.

Written representation under §173(4) BNSS / §175 BNSS to the SP-Cyber, with copies of cybercrime.gov.in acknowledgement, the original complaint, and any RTI replies. Ask for either FIR registration, IO change, or investigation progress.

If FIR is not being registered despite a cognizable offence, file a private complaint before the jurisdictional Magistrate seeking direction under §175 BNSS (formerly §156(3) CrPC) — the Magistrate can direct the police to register the FIR and report. Counsel optional but useful.

Each state has a Police Complaints Authority under Prakash Singh Supreme Court directions — for misconduct / inaction by police. Parallel: a written complaint to the DGP of the state.

For portal-related grievances (case marked closed without action, status not updating, harassment by IO): pgportal.gov.in → “Ministry of Home Affairs” → “I4C / Cybercrime”.

The Cyber Crime Police Station, the I4C, and MeitY are all public authorities under §2(h) of the RTI Act 2005.

RTI helps here when:

• Police refuse to register your FIR — RTI to the SHO asking for written reason and the file noting. Very effective; see the dedicated guide RTI for FIR not registered.
• Your complaint on cybercrime.gov.in shows “Closed” with no explanation — RTI for the closure report.
• You want status of investigation after 60 days of FIR — RTI to the IO for the case diary status (gist, not full diary, since case-diary content is privileged).
• You want to know how many similar frauds have been reported with the same suspect mobile / UPI handle — useful when arguing for a serious chargesheet.
• You want MeitY's action against a particular spoof-call cluster or take-down orders issued under §69A IT Act.
• You want bank's fraud-handling SOPs that should have triggered earlier (RTI to PIO of public-sector banks).

RTI does NOT help here when:

• You want the money back from the suspect — RTI cannot adjudicate or recover; only the criminal court / civil court / banking ombudsman can.
• You want information from a private bank / private platform (HDFC, ICICI, WhatsApp, Truecaller, Paytm) — they are not public authorities. Use the Banking Ombudsman / NCRP / CERT-In takedown routes.
• You want case-diary contents in a pending investigation — protected from disclosure under §8(1)(h) RTI Act + §172 BNSS.
• For civil disputes disguised as cybercrime (e.g., e-commerce wrong delivery) — use National Consumer Helpline 1915 instead, see How to file a consumer complaint at NCDRC.

For background on filing a basic RTI, see RTI in 12 simple steps.

Q. I gave OTP to a caller and lost ₹50,000. Was it my fault?
Under RBI's 2017 Limited Liability Circular, “customer negligence” — like sharing OTP — can shift liability to you. But banks have been held liable in many Banking Ombudsman cases when their fraud-detection system failed (e.g., transaction at unusual hour, new beneficiary, multiple back-to-back debits). Always escalate; don't assume you're stuck with the loss.

Q. The fraudster's UPI ID showed a familiar bank name (e.g., name@oksbi). How is that possible?
@oksbi is a UPI handle suffix issued by SBI's UPI partner (PhonePe). Anyone can register a UPI ID with that suffix — the suffix is not a guarantee that the recipient is a verified SBI customer. Always cross-check the payee name displayed before sending money.

Q. Can I get the fraudster's phone number traced?
Police can issue notices under §94 BNSS (replaces §91 CrPC) and §43A IT Act to telecom operators for KYC subscriber data. Citizens cannot do this directly; you must rely on the police investigation post-FIR.

Q. The cybercrime.gov.in portal won't let me upload — files too big.
Compress images (use any free online JPEG compressor); split documents; or visit the cyber PS in person with a CD/USB. The portal is glitchy; don't give up.

Q. I'm being cyberstalked / blackmailed via Instagram morphed photos. What's the fastest route?
(1) Report on cybercrime.gov.in under “Women/Child Related Crime” — track is faster and confidentiality is preserved. (2) Use Instagram's “Report” feature on the post + profile. (3) Call 181 Women's Helpline. (4) For minors — additionally POCSO e-Box at ncpcr.gov.in/POCSO.

Q. Can I get my deepfake video taken down?
Yes — under §79(3)(b) IT Act read with the IT (Intermediary Guidelines) Rules 2021 + the 2023 Deepfake Advisory by MeitY, intermediaries (Meta, X, YouTube, Telegram) must remove deepfakes within 24-36 hours of a valid takedown notice. Send via the platform's grievance officer + cybercrime.gov.in.

Q. The bank says the fraud is “with the merchant” and refuses to refund. Now what?
Escalate to the Banking Ombudsman under the Integrated Ombudsman Scheme 2021 at rbi.org.in → “Complaint Lodging” → “CMS portal”. Free. Award binding on bank up to ₹20 lakh.

Q. My data was leaked by an app I used 2 years back. Whom do I complain to?
File with the Data Protection Board of India under the DPDP Act 2023. The Data Fiduciary can be fined up to ₹250 crore for personal data breach. Also CERT-In if it's a major breach affecting many users.

• RTI for FIR not registered — copy-ready template
• RTI in 12 simple steps — for first-time filers
• How to file a consumer complaint at NCDRC
• All Indian government helplines — one master directory
• RTI forms + state-wise fee chart

Last reviewed: 26 April 2026 by RTI Wiki editorial team. Cybercrime law evolves rapidly with new MeitY advisories and BNS / BNSS jurisprudence — verify on cybercrime.gov.in or meity.gov.in before relying on dated provisions, or write to admin@bighelpers.in if you spot a stale figure.